OAuth¶
Todo
Docstrings (module, models, provider)
Models¶
-
class
indico.modules.oauth.models.applications.
OAuthApplication
(**kwargs)¶ Bases:
sqlalchemy.ext.declarative.api.Model
OAuth applications registered in Indico.
A simple constructor that allows initialization from kwargs.
Sets attributes on the constructed instance using the names and values in
kwargs
.Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.
-
client_id
¶ the OAuth client_id
-
client_secret
¶ the OAuth client_secret
-
client_type
¶
-
default_redirect_uri
¶
-
default_scopes
¶ the OAuth default scopes the application may request access to
-
description
¶ human readable description
-
id
¶ the unique id of the application
-
is_enabled
¶ whether the application is enabled or disabled
-
is_trusted
¶ whether the application can access user data without asking for permission
-
locator
¶
-
name
¶ human readable name
-
redirect_uris
¶ the OAuth absolute URIs that a application may use to redirect to after authorization
-
reset_client_secret
()¶
-
system_app_type
¶ the type of system app (if any). system apps cannot be deleted
-
validate_redirect_uri
(redirect_uri)¶ Called by flask-oauthlib to validate the redirect_uri.
Uses a logic similar to the one at GitHub, i.e. protocol and host/port must match exactly and if there is a path in the whitelisted URL, the path of the redirect_uri must start with that path.
-
-
class
indico.modules.oauth.models.applications.
SystemAppType
¶ Bases:
int
,indico.util.struct.enum.IndicoEnum
-
checkin
= 1¶
-
default_data
¶
-
enforced_data
¶
-
flower
= 2¶
-
none
= 0¶
-
-
class
indico.modules.oauth.models.tokens.
OAuthGrant
(client_id, code, redirect_uri, user, scopes, expires)¶ Bases:
object
OAuth grant token.
-
delete
()¶
-
classmethod
get
(client_id, code)¶
-
key
¶
-
classmethod
make_key
(client_id, code)¶
-
save
()¶
-
ttl
¶
-
-
class
indico.modules.oauth.models.tokens.
OAuthToken
(**kwargs)¶ Bases:
sqlalchemy.ext.declarative.api.Model
OAuth tokens.
A simple constructor that allows initialization from kwargs.
Sets attributes on the constructed instance using the names and values in
kwargs
.Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.
-
access_token
¶ an unguessable unique string of characters
-
application
¶ application authorized by this token
-
application_id
¶ the identifier of the linked application
-
expires
¶
-
id
¶ the unique identifier of the token
-
last_used_dt
¶ the last time the token was used by the application
-
locator
¶
-
scopes
¶ The set of scopes the linked application has access to.
-
type
¶
-
user
¶ the user who owns this token
-
user_id
¶ the identifier of the linked user
-
Utilities¶
-
exception
indico.modules.oauth.provider.
DisabledClientIdError
(description=None, uri=None, state=None, status_code=None, request=None)¶ Bases:
oauthlib.oauth2.rfc6749.errors.FatalClientError
- description: A human-readable ASCII [USASCII] text providing
- additional information, used to assist the client developer in understanding the error that occurred. Values for the “error_description” parameter MUST NOT include characters outside the set x20-21 / x23-5B / x5D-7E.
- uri: A URI identifying a human-readable web page with information
- about the error, used to provide the client developer with additional information about the error. Values for the “error_uri” parameter MUST conform to the URI- Reference syntax, and thus MUST NOT include characters outside the set x21 / x23-5B / x5D-7E.
state: A CSRF protection value received from the client.
request: Oauthlib Request object
-
error
= u'application_disabled_by_admin'¶
-
indico.modules.oauth.provider.
load_client
(client_id)¶
-
indico.modules.oauth.provider.
load_grant
(client_id, code)¶
-
indico.modules.oauth.provider.
load_token
(access_token, refresh_token=None)¶
-
indico.modules.oauth.provider.
save_grant
(client_id, code, request, *args, **kwargs)¶
-
indico.modules.oauth.provider.
save_token
(token_data, request, *args, **kwargs)¶